Bind to ldap with the current auticated user
Hi, i am trying to bind to LDAP server with my the current auth user .. so i added the following to the ldap module: identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX" password = "%{%{User-Password}:-%{Chap-Password}}" but insted of compressing the unlang string and using the uid i get the fallowing error: rlm_ldap: uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX.,o=XXX bind to LDAPSERVER.XXX.com:389 failed No such object rlm_ldap: (re)connection attempt failed can some one help me here and tell me what i am doing wrong here???? thanks in advance , Ram
Ram Akuka wrote:
Hi, i am trying to bind to LDAP server with my the current auth user ..
You don't need to change anything to do that. Just make sure LDAP is being used for authentication, and it will automatically bind as user". If you want to do "bind as user" to get authorization parameters, this is wrong.
so i added the following to the ldap module:
identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX" password = "%{%{User-Password}:-%{Chap-Password}}"
This is *totally* broken. For one reason, the CHAP authentication method is *not* a password you can use to bind to ldap.
can some one help me here and tell me what i am doing wrong here????
Leave the "identity" and "password" fields in the LDAP configuration as the value for a read-only administrative user. Alan DeKok.
Alan DeKok wrote:
Ram Akuka wrote:
Hi, i am trying to bind to LDAP server with my the current auth user ..
You don't need to change anything to do that. Just make sure LDAP is being used for authentication, and it will automatically bind as user".
If you want to do "bind as user" to get authorization parameters, this is wrong.
so i added the following to the ldap module:
identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX" password = "%{%{User-Password}:-%{Chap-Password}}"
This is *totally* broken. For one reason, the CHAP authentication method is *not* a password you can use to bind to ldap.
can some one help me here and tell me what i am doing wrong here????
Leave the "identity" and "password" fields in the LDAP configuration as the value for a read-only administrative user.
The LDAP module can do authentication in two ways. Either you bind as the administrator, lookup the password hashes/ password in the LDAP directory and hash the value of User-Password and do a comparison. Or you bind as the user and reject/ accept the user on the result of the bind. Which one are you attempting to do here ? Arran
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Ram Akuka